[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Client blocking forever in SSL_connect

To: Ralf Haferkamp <rhafer@suse.de>
Subject: Re: Client blocking forever in SSL_connect
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 22 Dec 2005 09:43:43 -0800
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <200512191943.03117.rhafer@suse.de>
References: <200512191943.03117.rhafer@suse.de>

At 10:43 AM 12/19/2005, Ralf Haferkamp wrote:
>Hi,
>
>I ran into a problem where an LDAP Client, that uses SSL/TLS (no matter 
>whether via ldaps or START_TLS) was indefinitely blocking in the 
>SSL_connect() call in libraries/libldap/tls.c.
>As libldap mostly uses blocking IO (as far as I understand), the 
>SSL_connect call also uses blocking IO (according to the openssl docs) 
>and so it can easily block if the server does not reply.
>
>I am wondering if it is possible to add functionallty to the API that 
>one can use SSL_connect in a non-blocking fashion. For example by 
>setting the underlying socket to non-blocking just before the 
>SSL_connect call and using select with the LDAP_OPT_NETWORK_TIMEOUT 
>timeout value and setting it back to blocking IO after the SSL 
>handshake completed. Similar to what is done in ldap_pvt_connect() in 
>libraries/libldap/os-ip.c
>
>Comments or other suggestions?

What API would you provide to the program to continue the
communication once blocking condition was removed?

Kurt

Follow-Ups:
- Re: Client blocking forever in SSL_connect
  - From: Ralf Haferkamp <rhafer@suse.de>

References:
- Client blocking forever in SSL_connect
  - From: Ralf Haferkamp <rhafer@suse.de>

Prev by Date: Re:Re: High availability (was Re: Question about the configbranch)
Next by Date: Re: Client blocking forever in SSL_connect
Index(es):
- Chronological
- Thread